/*
 * Probe whether an initiator credential for desired_mech can be acquired
 * right now, by acquiring a temporary credential and releasing it again.
 *
 * kcred is dereferenced only when default_cred is zero, in which case its
 * name is the desired name; otherwise GSS_C_NO_NAME is used.
 *
 * Returns nonzero when the acquisition reports an error OR when it succeeds
 * with a nonzero remaining lifetime.  Returns 0 only when the acquisition
 * succeeds and the reported lifetime is 0.
 *
 * NOTE(review): an acquisition failure is reported the same way as a live
 * credential.  Presumably callers rely on a later code path to surface the
 * real error -- confirm before treating a nonzero result as proof that
 * usable credentials exist.
 */
static int
has_unexpired_creds(krb5_gss_cred_id_t kcred,
                    const gss_OID desired_mech,
                    int default_cred)
{
    OM_uint32 major, minor, lifetime;
    gss_cred_id_t probe = GSS_C_NO_CREDENTIAL;
    gss_OID_set_desc mechs;
    gss_name_t name;

    /* Single-element mechanism set wrapping the caller's OID. */
    mechs.count = 1;
    mechs.elements = (gss_OID)desired_mech;

    name = default_cred ? GSS_C_NO_NAME : (gss_name_t)kcred->name;

    major = krb5_gss_acquire_cred(&minor, name, 0, &mechs, GSS_C_INITIATE,
                                  &probe, NULL, &lifetime);

    /* The temporary credential is released on every path. */
    krb5_gss_release_cred(&minor, &probe);

    /* lifetime is consulted only after a successful acquisition. */
    if (GSS_ERROR(major))
        return 1;
    return lifetime != 0;
}
/*
 * Release an IAKERB context and everything it holds: the default credential,
 * the init-creds and ticket-creds state, the wrapped GSS security context,
 * the conversation buffer, the get-init-creds options, the krb5 context, and
 * finally the structure itself.  A NULL ctx is a no-op.
 *
 * ctx is passed by value, so the caller's copy of the handle is left
 * pointing at freed memory; the caller must clear or discard it and must not
 * release the same context twice.
 */
static void
iakerb_release_context(iakerb_ctx_id_t ctx)
{
    OM_uint32 minor;
    krb5_context k5c;

    if (ctx == NULL)
        return;

    k5c = ctx->k5c;

    krb5_gss_release_cred(&minor, &ctx->defcred);
    krb5_init_creds_free(k5c, ctx->icc);
    krb5_tkt_creds_free(k5c, ctx->tcc);
    krb5_gss_delete_sec_context(&minor, &ctx->gssc, NULL);
    krb5_free_data_contents(k5c, &ctx->conv);
    krb5_get_init_creds_opt_free(k5c, ctx->gic_opts);

    /* The krb5 context goes last: every call above still needs it. */
    krb5_free_context(k5c);
    free(ctx);
}
/*
 * Rebuild a krb5 GSS credential from its JSON array form.
 *
 * The array must have exactly 14 elements, read by index:
 *    0 usage (number)            7 ccache
 *    1 name                      8 client_keytab
 *    2 impersonator              9 have_tgt (bool)
 *    3 default_identity (bool)  10 expire (number)
 *    4 iakerb_mech (bool)       11 refresh_time (number)
 *    5 keytab                   12 req_enctypes
 *    6 rcache                   13 password (optional string)
 *
 * Returns 0 and stores the new credential in *cred_out on success.  Returns
 * -1 with *cred_out set to NULL if the length is wrong, allocation or mutex
 * initialization fails, or any element fails its type check or conversion.
 *
 * NOTE(review): the numeric elements (usage, expire, refresh_time) are stored
 * exactly as decoded, with no range check in this function.  If the array can
 * originate from an untrusted token, confirm they are validated elsewhere.
 * NOTE(review): element 13 may carry a password that then lives in
 * cred->password; confirm the release path wipes it before freeing.
 */
static int
json_to_kgcred(krb5_context context, k5_json_array array,
               krb5_gss_cred_id_t *cred_out)
{
    krb5_gss_cred_id_t kc;
    k5_json_number num;
    k5_json_bool flag;
    krb5_boolean fresh_ccache;
    OM_uint32 minor;

    *cred_out = NULL;

    if (k5_json_array_length(array) != 14)
        return -1;

    /*
     * calloc zero-fills, so members not yet parsed are zero/NULL whenever
     * the failure path below runs on a partially built credential.
     */
    kc = calloc(1, sizeof *kc);
    if (!kc)
        return -1;

    /*
     * The lock was never initialized here, so plain free() is used rather
     * than the release path (presumably because release touches the lock).
     */
    if (k5_mutex_init(&kc->lock)) {
        free(kc);
        return -1;
    }

    num = check_element(array, 0, K5_JSON_TID_NUMBER);
    if (!num)
        goto fail;
    kc->usage = k5_json_number_value(num);

    if (json_to_kgname(context, k5_json_array_get(array, 1), &kc->name))
        goto fail;

    if (json_to_principal(context, k5_json_array_get(array, 2),
                          &kc->impersonator))
        goto fail;

    flag = check_element(array, 3, K5_JSON_TID_BOOL);
    if (!flag)
        goto fail;
    kc->default_identity = k5_json_bool_value(flag);

    flag = check_element(array, 4, K5_JSON_TID_BOOL);
    if (!flag)
        goto fail;
    kc->iakerb_mech = k5_json_bool_value(flag);

    if (json_to_keytab(context, k5_json_array_get(array, 5), &kc->keytab))
        goto fail;

    if (json_to_rcache(context, k5_json_array_get(array, 6), &kc->rcache))
        goto fail;

    if (json_to_ccache(context, k5_json_array_get(array, 7), &kc->ccache,
                       &fresh_ccache))
        goto fail;
    /* The ccache is marked for destruction when the helper reports it new. */
    kc->destroy_ccache = fresh_ccache;

    if (json_to_keytab(context, k5_json_array_get(array, 8),
                       &kc->client_keytab))
        goto fail;

    flag = check_element(array, 9, K5_JSON_TID_BOOL);
    if (!flag)
        goto fail;
    kc->have_tgt = k5_json_bool_value(flag);

    num = check_element(array, 10, K5_JSON_TID_NUMBER);
    if (!num)
        goto fail;
    kc->expire = k5_json_number_value(num);

    num = check_element(array, 11, K5_JSON_TID_NUMBER);
    if (!num)
        goto fail;
    kc->refresh_time = k5_json_number_value(num);

    if (json_to_etypes(k5_json_array_get(array, 12), &kc->req_enctypes))
        goto fail;

    if (json_to_optional_string(k5_json_array_get(array, 13), &kc->password))
        goto fail;

    *cred_out = kc;
    return 0;

fail:
    /* Tear down whatever was built so far; *cred_out stays NULL. */
    (void)krb5_gss_release_cred(&minor, (gss_cred_id_t *)&kc);
    return -1;
}